Front End Drupal now available!

That’s right, I wrote my first book together with Emma Jane Hogbin and I’m very excited! Front End Drupal teaches you how to customize a Drupal website. It doesn’t just explain how you can create a theme, but it also introduces you to the concepts and structure of a web page generated by Drupal (blocks, regions, menus, form elements and so on) as well as making the theme interactive using JavaScript and jQuery.

The first reviews are in and they are looking great! Addison Berry, co-author of O’Reilly’s awesome Using Drupal book, did an extensive review of the book and writes:

[…] Overall, a great book, jam-packed with lots of learning. Congrats to Emma and Konstantin for producing another great book in the Drupal library.

Victor Kane writes:

I can’t say enough good things about this book. […] If you are only going to buy two or three Drupal books, make sure this one is always handy while you are working.

Jeff Eaton from Lullabot, also a co-author of O’Reilly’s Using Drupal book, writes:

It’s a great find for anyone who’s looking to understand the pieces and how they fit together.

Go to http://frontenddrupal.com to read more about the book and learn about ways to obtain it. To my knowledge, Front End Drupal is also the first Drupal book available for Amazon’s Kindle (Drupal association affiliate link)!

DrupalCamp Cologne 2009

Today, the Call for Papers for the first German DrupalCamp in Cologne opened. The Camp will take place on January 17 and 18. Sessions can be submitted both in German and in English as the DrupalCamp will be bilingual. Registration will open in the coming days.

Securing Drupal’s user login

Now that I managed to get SSL set up using a wildcard certificate (*.kkaefer.com) signed by CACert, securing the login to a Drupal site is amazingly easy:

# Force the user to use https.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule /(user|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R]

# Enforce SSL for user login and administration.
<LocationMatch "/(user|admin)">
    SSLRequireSSL
</LocationMatch>

That’s pretty much all you need. It works transparently for the user: When the user tries to access a URL beginning with admin or user, a redirect to the exact same request, but with http replaced by https is performed. Additionally, SSL is set to be required for those locations (I added that to prevent logins without SSL in case mod_rewrite fails, becomes unavailable etc.). You can easily add new paths that require SSL by just adding them to both regular expressions.

Sometimes users can log in using a URL that doesn’t begin with user. Therefore you should also install securelogin.module, which rewrites the actions of forms to use https.
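To see which requests the two rules above actually cover, here is a small model of them in Python. It is an added example, not part of the original post or of Drupal; the URLs are constructed samples on example.com, and the shapes of the non-clean-URL request and the login block submission are assumptions about a typical Drupal site.

```python
import re
from urllib.parse import urlsplit

# Pattern copied from the RewriteRule / LocationMatch above. Both directives
# test it against the URL path only (never the query string), and it is
# unanchored, so it can match anywhere in the path.
PROTECTED = re.compile(r"/(user|admin)")

# Constructed sample requests (assumed shapes, not taken from a real site).
SAMPLE = [
    "http://example.com/user/login",             # clean URL login page
    "http://example.com/admin/build/modules",    # administration page
    "http://example.com/?q=user/login",          # clean URLs disabled
    "http://example.com/node?destination=node",  # login block posting to the current page
    "http://example.com/blog/user-guide",        # unrelated page, matched because unanchored
    "https://example.com/user/login",            # already on https
]


def redirect_target(url):
    """Return the https URL the rewrite rule would redirect to, or None if
    the request is left alone (no match, or already https)."""
    parts = urlsplit(url)
    if parts.scheme != "http":              # RewriteCond %{HTTPS} off
        return None
    if not PROTECTED.search(parts.path):    # path only, query string ignored
        return None
    # https://%{HTTP_HOST}%{REQUEST_URI}; mod_rewrite keeps the query string.
    query = "?" + parts.query if parts.query else ""
    return "https://" + parts.netloc + parts.path + query


def uncovered(urls):
    """Plain-http requests that neither rule touches."""
    return [u for u in urls
            if u.startswith("http://") and redirect_target(u) is None]


if __name__ == "__main__":
    for url in SAMPLE:
        print(url, "->", redirect_target(url) or "left as is")
    print("still on plain http:", uncovered(SAMPLE))
```

The two requests reported as uncovered are the ones that need form actions rewritten to https instead, which is the gap securelogin.module is meant to close.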

Drupal on LinuxTag

After several years, Drupal is back on LinuxTag with an entire booth of its own. Thanks to Marco Rademacher who took the initiative to register the Drupal project with the approval of the Drupal Association. The booth is run by the DUG Berlin and situated in hall 7.2a.

Passwords in Drupal 7

Can’t log in to your Drupal 7.x-dev installation? Run update.php to update the password hashes. There is a new password hashing algorithm in core that provides better protection from rainbow tables.

Mollom

You probably know it by now: Dries Buytaert started yet another company. Its product is “Mollom”, a comment spam filtering webservice, similar to Akismet. Congratulations, Dries! I’ve been one of the very first beta testers (User ID #5 on mollom.com) and have been using the module for a bit more than 9 months now. At first, I still had some issues with comment spam getting through Mollom’s filter, but that eventually stopped during the last couple of months.

I haven’t used Akismet in a while now (I did use it before switching to Mollom), so I can’t really tell whether it’s more accurate. While there are some minor nitpicks, I’m rather satisfied with Mollom.

Mollom wants to distinguish itself from Akismet by not only blocking spam: The goal is to “improve overall content quality”. While I get virtually no automated comment spam anymore, I now get actual humans who post spam comments. These comments are usually somewhat related to the blog post. That means I’m not getting generic “This content is great!” comments, but for instance, “This bundle is very useful. Thanks!” on my blog post about the TextMate Drupal bundle. Sounds like a valid comment; however, the supplied comment author homepage clearly contains a spam URL.